To determine which types of traffic can be filtered by an advanced Access Control List (ACL) on a Huawei device, we need to understand the capabilities of advanced ACLs as defined in HCIA Datacom documentation and Huawei networking standards. Let’s analyze each option step by step:
Understanding Huawei ACL Types:
Huawei devices support different types of ACLs, including Basic ACLs, Advanced ACLs, and Layer 2 ACLs (MAC-based). Each type has specific filtering capabilities:
Basic ACLs (2000–2999): Filter traffic based on source IP addresses only.
Advanced ACLs (3000–3999): Provide more granular filtering, including source IP addresses, destination IP addresses, protocols, port numbers, and other Layer 3 and Layer 4 parameters. They are more flexible than Basic ACLs but do not filter based on Layer 2 information like MAC addresses.
Layer 2 ACLs (4000–4999): Filter traffic based on source and destination MAC addresses, VLAN IDs, and other Layer 2 parameters.
The question specifically asks about advanced ACLs, so we focus on their capabilities, which are limited to Layer 3 and Layer 4 traffic (IP-based and protocol-specific filtering).
Evaluating Each Option:
A. Network traffic based on a specific source IP address
Advanced ACLs on Huawei devices can filter traffic based on source IP addresses. This is a standard feature of advanced ACLs, which support matching rules for source IP addresses using wildcard masks or specific IP ranges.
This statement is true.
B. Network traffic based on a specific source MAC address
Advanced ACLs operate at Layer 3 and Layer 4 (IP and TCP/UDP) and do not have the capability to filter traffic based on Layer 2 information, such as MAC addresses. Filtering based on MAC addresses requires Layer 2 ACLs (e.g., ACLs in the 4000–4999 range), not advanced ACLs.
This statement is false.
C. Network traffic based on a specific user name
Advanced ACLs do not have the capability to filter traffic based on user names. User-based filtering typically requires authentication mechanisms (e.g., 802.1X, AAA, or RADIUS) combined with dynamic ACLs or policies, not standard advanced ACLs. Advanced ACLs are limited to IP addresses, protocols, and port numbers, not user-specific attributes.
This statement is false.
D. Network traffic based on a specific port number
Advanced ACLs can filter traffic based on transport-layer port numbers (TCP/UDP ports), such as HTTP (port 80), FTP (port 21), etc. This is a key feature of advanced ACLs, allowing granular control over the traffic of specific applications.
This statement is true.
E. Network traffic based on a specific destination IP address
Advanced ACLs can filter traffic based on destination IP addresses, similar to source IP addresses. This is another standard capability, allowing matching rules for destination IP addresses using wildcard masks or specific IP ranges.
This statement is true.
Conclusion:
Advanced ACLs on Huawei devices can filter traffic based on:
Source IP addresses (Option A).
Destination IP addresses (Option E).
Port numbers (Option D).
They cannot filter traffic based on source MAC addresses (Option B) or user names (Option C), as these require Layer 2 ACLs or authentication-based policies, respectively.
Therefore, the correct answers are A, D, and E.
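The match fields discussed above, modeled as an added Python example (not part of the original explanation and not Huawei code). The rule contents, addresses and the `evaluate` helper are constructed for illustration, and the model covers only source/destination IP with wildcard masks, protocol and destination port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard mask semantics: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

@dataclass
class Rule:
    rule_id: int
    action: str                      # "permit" or "deny"
    protocol: str                    # "tcp", "udp", or "ip" for any protocol
    src: str = "0.0.0.0"
    src_wc: str = "255.255.255.255"  # default: any source
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"  # default: any destination
    dst_port: Optional[int] = None   # None: any port

@dataclass
class Packet:
    src_mac: str                     # present in the frame, never consulted below
    src_ip: str
    dst_ip: str
    protocol: str
    dst_port: Optional[int] = None

def evaluate(rules, pkt) -> Optional[str]:
    """Return the action of the first matching rule (lowest rule ID first)."""
    for r in sorted(rules, key=lambda r: r.rule_id):
        if r.protocol != "ip" and r.protocol != pkt.protocol:
            continue
        if not wildcard_match(pkt.src_ip, r.src, r.src_wc):
            continue
        if not wildcard_match(pkt.dst_ip, r.dst, r.dst_wc):
            continue
        if r.dst_port is not None and r.dst_port != pkt.dst_port:
            continue
        return r.action
    return None  # no rule matched; handling depends on the feature applying the ACL

# Constructed sample rules for an ACL in the advanced range (3000-3999).
ACL_3000 = [
    Rule(5, "permit", "tcp", "192.168.1.0", "0.0.0.255", "10.0.0.10", "0.0.0.0", 80),
    Rule(10, "deny", "ip", "192.168.1.0", "0.0.0.255"),
]
```

Two packets that differ only in source MAC get the same result, because the rule has no Layer 2 or user-name field to match on.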